Posted tagged ‘camera’

As you probably know, clickjackers often use Adobe Flash to highjack computer cameras. This allows them to see into your home, take pictures, and pretty much spy on anyone in the world with an Internet connection. Your best defense: a piece of tape placed strategically over your camera. You can’t go wrong with the analog solution. Of course, then you have to find a way to deal with the clickjack that activates your computer’s microphone as well as your webcam. Those tricky scam artists are always one step ahead of decent folk.

Adobe has announced, however, that it has fixed the flaw in Flash that allowed clickjackers to activate microphones and webcams.

Before the latest Flash update, clickjackers could have their way with your computer by luring you into a simple trap. Often in the form of a game, the scammers just had to convince you to click an invisible frame on your screen. That would activate Flash’s manager and allow them to take control.

Obviously this is a good thing for anyone concerned about computer security. You kind of have to wonder how many unsavory online photographs were taken without permission. A quick clickjack, a little Photoshop, and boom! You’ve got yourself a male enhancement ad.

Of course, this might bum a few people out. After all, the Internet was obviously designed to collect naked photographs of every person in the world. Now that Adobe has managed to improve its software, how will humanity ever reach such a lofty goal?

Just last weekend, I’m sitting at my parent’s house enjoying Easter lunch when my dad asks me if I knew that viruses could turn on my webcam.

I resisted the temptation to roll my eyes. Hey, dad, I’ve been working in Internet security for about a decade now, so you’re probably not going to stump me just because you got your AOL account up and running last year.

The truth is that there isn’t much to fear when it comes to clickjacking (or “viruses,” if you want to use my dad’s terminology) and webcams. We’ve known about Adobe’s vulnerability for sometime now, and the company has made it pretty easy for you to avoid clickjacking attacks that could turn on your webcam or microphone.

The latest version of Adobe isn’t susceptible to these attacks. If you haven’t updated your Adobe software recently, then go do it right now before you give some dirtbag the opportunity to eavesdrop on you. If, for some reason, you’re extremely reluctant to download the latest Adobe software, then you can tighten your program’s security parameters. Assuming that you’re not using software from the 90s, you’ll probably solve the problem this way.

This prevents the immediate problem, but doesn’t mean that you’re safe from clickjacking. Clickjacking attacks, after all, come in a wide range of flavors. None of them taste good.

Keep your system safe by avoiding suspicious links. Plus, you should really have some reliable antivirus protection for your computer. In fact, use two antivirus programs. That should stop pretty much anything from getting through. Even though it won’t completely stop clickjacks, it will almost certainly protect your computer from the harmful side effects that could result from clickjacked websites.

Clickjacking can do more than just sign you up to follow Twitter accounts and grab your personal information. It can even take over your computer’s webcam and microphone. Seeing as how most new computers have built in video cameras, this is something definitely worth learning about.

In this CNET interview with Jeremiah Grossman, CTO of Whitehat Security, you find out how easy it is for someone to hijack your computers camera. Granted, Grossman is a bit of a genius when it comes to click jacking (he’s been at the forefront of clickjacking security for as long as we’ve known that it is a problem), so you can bet that click jacking is a little bit harder for the average person than it is for him.

Still, it’s frightening to see how quickly he makes a java button invisible and places it over another pages button. Certainly there are cybercriminals out there who are at least as good at this as Grossman. Maybe we’re just lucky that cyberjacking hasn’t completely ruined the small bit of trust that we have in the internet.

Grossman talks to his CNET host, Tom Merritt, about ways that computer users can protect themselves from this particular attack. Again, there aren’t a whole lot of options. Grossman mentions using No Script (it’s a Firefox extensive that inhibits javascript on a site’s page) and upgrading to Flash 10, which has better security features for webcams and microphones than earlier version.

Grossman’s favorite way to prevent people from taking pictures of him with his own camera while he’s surfing the net? Put a piece of Post-It Note over the camera lens.

As he saws, “if you can’t trust software, at least you can trust hardware.”

Personally, I find that scarier than just telling everyone that there isn’t a good answer. A piece of Post-It Note? One of the smartest computer security specialists in the world just told us to use Post-It Notes?

Subscribe

Click Jacking Jack syndicates its weblog posts
and Comments using a technology called
RSS (Real Simple Syndication). You can use a service like Bloglines to get
notified when there are new posts to this weblog.